According to a survey conducted by a British security research company

Jan 9, 2009 10:16 GMT

One in seven of all valid SSL certificates circulating on the Internet is signed using the weak MD5 algorithm, Netcraft reports. The vast majority of them are issued by RapidSSL, a certification authority acquired by VeriSign in 2006.

Netcraft is a company based in England that offers IT security solutions. The company's SSL Survey, released in December 2008, concludes that 135,000 certificates currently in use are susceptible to an MD5 collision attack, recently demonstrated by a group of researchers from Europe and the U.S.

The practical attack was presented at the 25th edition of the Chaos Communication Congress in Berlin last month, and allowed the experts to generate rogue but valid certificates for virtually any website on the Internet.

The Netcraft survey points out that most of the vulnerable certificates found, more specifically 128,000, were issued by RapidSSL. RapidSSL is now owned by VeriSign, which has announced that it has been using the more secure SHA1 hashing algorithm for quite a while now, and that MD5 signing will be completely phased out by the end of January 2009. Other certification authorities previously using MD5 are also likely to switch to better algorithms, Netcraft says.

In a posting on his blog, Tim Callan, vice president of product marketing at VeriSign, points out that existing certificates are not affected by the recently disclosed MD5 collision attack. “The attack, when it worked, was a potential method for a criminal to create a new, false certificate from scratch. Existing certificates are not targets for this attack,” he explains. Even so, just to address the concerns of its customers, the company has offered to replace all previously-issued, MD5-signed certificates free of charge.

In addition, the report notes that Extended Validation (EV) SSL certificates cannot be faked through the MD5 attack, because the standard already prohibits the use of MD5 for signing. Instead, they use SHA1, but, as the Netcraft experts warn, “Researchers have also started to find weaknesses in SHA1. Although there are no attacks as advanced as those against MD5, it is likely that SHA1 will also be increasingly threatened by collision attacks as research in this area continues.” They conclude that “We can expect to see CAs start to phase in newer, stronger hashes over the next few years.”